CVE-2016-2774 — MEDIUM (5.9)

Vulnerability Description

ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion failure or request-processing outage) by establishing many sessions.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Isc	Dhcp	4.1-esv
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	14.04

Related Weaknesses (CWE)

CWE-20

References

http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2590.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory
http://www.securityfocus.com/bid/84208Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id/1035196Third Party AdvisoryVDB Entry
https://kb.isc.org/article/AA-01354Vendor Advisory
https://lists.debian.org/debian-lts-announce/2019/11/msg00023.htmlThird Party Advisory
https://usn.ubuntu.com/3586-1/Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183458.htmlThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183640.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-updates/2016-07/msg00066.htmlMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2016-2590.htmlThird Party Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlThird Party Advisory

FAQ

What is CVE-2016-2774?

CVE-2016-2774 is a vulnerability with a CVSS score of 5.9 (MEDIUM). ISC DHCP 4.1.x before 4.1-ESV-R13 and 4.2.x and 4.3.x before 4.3.4 does not restrict the number of concurrent TCP sessions, which allows remote attackers to cause a denial of service (INSIST assertion...

How severe is CVE-2016-2774?

CVE-2016-2774 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2016-2774?

Check the references section above for vendor advisories and patch information. Affected products include: Isc Dhcp, Debian Debian Linux, Canonical Ubuntu Linux.